CN100571135C - Generation method, manipulation and detection method and the device of data for detection of tampering - Google Patents

Generation method, manipulation and detection method and the device of data for detection of tampering Download PDF

Info

Publication number
CN100571135C
CN100571135C CNB2005101233512A CN200510123351A CN100571135C CN 100571135 C CN100571135 C CN 100571135C CN B2005101233512 A CNB2005101233512 A CN B2005101233512A CN 200510123351 A CN200510123351 A CN 200510123351A CN 100571135 C CN100571135 C CN 100571135C
Authority
CN
China
Prior art keywords
mentioned
key information
data
check
domain key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2005101233512A
Other languages
Chinese (zh)
Other versions
CN1790986A (en
Inventor
佐藤友哉
藤原睦
盐见谦太郎
根本祐辅
鸟崎唯之
清水和也
井上信治
藤村一哉
越智诚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nuvoton Technology Corp Japan
Original Assignee
Matsushita Electric Industrial Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Matsushita Electric Industrial Co Ltd filed Critical Matsushita Electric Industrial Co Ltd
Publication of CN1790986A publication Critical patent/CN1790986A/en
Application granted granted Critical
Publication of CN100571135C publication Critical patent/CN100571135C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a kind of make a plurality of content keys with corresponding as the domain key of 1 trunk and be stored in can be by the confidential information processing system in the zone of user capture in, the content key that treating capacity is little alter the method for inspection.The hashed value of each content key that will be corresponding with same domain key is stored in the normal areas with the form of hash table, and will be stored in the protection zone as the hashed value of the hash table of the hashed value of domain key.Perhaps, be embedded in the content key and the altering of inspection content key by checking with data, and, check that will be corresponding with same domain key link together with data and will connect after hashed value be stored in the protection zone as the hashed value of domain key.

Description

Generation method, manipulation and detection method and the device of data for detection of tampering
Technical field
The present invention relates to check the legitimacy that is stored in the confidential information in the target device or do not have method and the device of altering (tamper).
Background technology
The content (for example, being the content of representative with music data or image data) that relates to works or personal information etc. need prevent illegal duplicate or to external leaks.This content, with encrypted state storage in target device.When main equipment uses the encrypted content that is stored in the target device, carry out authentication processing between main equipment and the target device, as this authentification failure, main equipment just can not be obtained the content key that is used for the encrypted content deciphering from target device.On the other hand, as this authentication success, main equipment can be visited and is stored in the content in the target device and use this content.By adopting this structure, can prevent that illegal main equipment from deciphering encrypted content.Here, target device for example is the storage card of SD card and so on.And main equipment is from the semiconductor integrated circuit of storage card sense data, the complete set of equipments of this semiconductor integrated circuit has been installed or has been distributed transfer equipment to the content of target device distribution transmission content.
Below, the storage area of target device in the prior art is described and is stored in confidential information in this storage area with reference to Figure 17.In the following description, so-called confidential information is meant to content being reproduced required information (for example, key information etc.).
Storage area in the target device is divided into system realm 901, protection zone 902, reaches normal areas 903.System realm 901 is storage is used for carrying out the information of authentication processing between main equipment and target device zones.Main equipment could access system zone 901 only when the visit to system realm 901 is predetermined processing through permission.Protection zone 902 is zones that user's (main equipment) can not conduct interviews arbitrarily and only could visit after authentication success.Normal areas 903 is zones that the user can random access.At system realm 901 stored authenticate keys.The 902 stored encrypted content key in the protection zone.At normal areas 903 stored encrypted contents.
Below, the method for main equipment with deciphering of the encrypted content in the target device and use is described.At first, main equipment utilizes authenticate key and the interior authenticate key of being stored of target device self stored to authenticate.As authentication success, main equipment generates the authentication intermediate key with these authenticate keys.This authenticates intermediate key, is defined as to be used for key that encrypted content key is decrypted.Therefore, main equipment is obtained encrypted content key from target device, and with the authentication intermediate key this encrypted content key is deciphered, thereby generates the expressly content key of (plain text refers to the unencrypted state).Further, main equipment is obtained encrypted content from target device, and utilizes content key expressly with this encrypted content deciphering, thereby generates content expressly.Thus, can use content.By carrying out aforesaid processing, can be only by authentication success main equipment use the encrypted content that is stored in the target device.
In the deciphering of above-mentioned content, then generate the authentication intermediate key as authentication success, therefore need only authentication success and just encrypted content can be deciphered.That is, so long as legal main equipment just can use the encrypted content that is stored in the target device.
On the other hand, in recent years, utilize the electronic distribution load mode to send encrypted content, therefore, can only use this class activity of content to become increasingly active by this specific user to specific user.But, when wanting under this electronic distribution load mode, to use, sending to specific user's encrypted content, must can only be decrypted by the main equipment that this specific user had.But, in above-mentioned method, can not satisfy this requirement.
Therefore, a kind of method of specific user being set effective domain key newly developed.When having set domain key, content is with content key encryption, and content key is encrypted with the domain key of only specific user being set rather than encrypted with the authentication intermediate key.The another kind of secret key encryption that domain key itself is then used the authentication intermediate key or generated by the information that authenticates intermediate key, and be stored in the target device.Therefore also can guarantee the invisible of domain key itself.
With reference to Figure 18, the confidential information in the storage area that is stored in when having set domain key as upper type in the target device is described.In order still to keep the interchangeability with in the past target device when having set domain key, the region partitioning method in the target device must be identical.In addition, if the two all has been kept in the protection zone 902 with domain key and content key,, also it is stored in the level of confidentiality zone identical with content key although then domain key is to be used for key that content key is decrypted.Therefore, for keeping confidentiality and interchangeability, when having set domain key, domain key with the state storage after encrypting in protection zone 902.In addition, content key with the state storage after encrypting in normal areas 903.
But as mentioned above, normal areas 903 is zones that the user can random access, therefore, guarantees to be stored in the legitimacy of the encrypted content key in the normal areas 903, in other words to test be vital to altering.
As look-ahead technique document related to the present invention, TOHKEMY 2001-203686 communique is arranged.In TOHKEMY 2001-203686 communique, 1 content-data is divided into a plurality of parts, each several part is calculated test value, and compare with the test value that is kept in advance.Thus, can only partly alter check to necessity.
But, this technology only is divided into various piece with 1 content-data simply, as described later, with the present invention be inequality in itself, in the present invention, when existing a plurality of content key corresponding, by these a plurality of content keys and the data of imbedding in the domain key are explicitly mated, thereby alter check with 1 domain key.
[patent documentation 1] TOHKEMY 2001-203686 communique
Summary of the invention
Here, further describe the confidential information that is stored in the target device with reference to Figure 19.In the protection zone 902 in target device, storing n domain key Ku (the 1)~Ku (n) after (n is the integer more than or equal to 1) encryption.To domain key Ku (1)~Ku (n), give n domain key management information UR[u correspondingly] (1)~UR[u] (n).
In the normal areas 903 of target device, storing a plurality of content keys.Each content key, with among domain key Ku (1)~Ku (n) any 1 corresponding.That is, can a plurality of encrypted content key be deciphered with 1 domain key.For example, there be m (m is the integer more than or equal to 1) content key Kt (1-1)~Kt (1-m) corresponding with domain key Ku (1).To content key K t (1-1)~Kt (1-m), give m content key management information UR[t correspondingly] (1-1)~UR[t] (1-m) and m additional information info (1-1)~info (1-m).
In Figure 19, domain key Ku (1)~Ku (n) and domain key management information UR[u] (1)~UR[u] (n) set, be expressed as " domain key group UKURE ", content key Kt (1-1)~Kt (1-m), content key management information UR[t] (1-1)~UR[t] (1-m) and the set of additional information info (1-1)~info (1-m), be expressed as " content key group TKURE (1) ".
Be the contents decryption after encrypting, need content key expressly.And, need domain key for the encrypted content key deciphering.Can in normal areas 903, also store key correspondence table Address List (address table) by which domain key deciphering in order promptly to retrieve which content key.In key correspondence table Address List, record the corresponding relation of domain key and content key.For example, to domain key Ku (1), and can be corresponding with content key Kt (the 1-1)~Kt (1-m) of this domain key deciphering.
As mentioned above, during the altering of the confidential information in check is stored in target device, adopt the method for each confidential information being used hash function usually.In addition, in general, when with the altering of hash computing checking machine confidential information, to all information and executing hash computings that are associated with this confidential information.
Below, illustrate with hash function the confidential information that is stored in the target device is carried out the situation of check of altering.The prefix of the state after here, " Enc " encrypts as expression.For example, the domain key management information UR[u after " EncUR[u] (1) " expression is encrypted] (1).
At first, can be with encrypted content key EncKt (1-1)~EncKt (1-m), the encrypted content key management information EncUR[t corresponding of domain key Ku (1) deciphering with this encrypted content key EncKt (1-1)~EncKt (1-m)] (1-1)~EncUR[t] (1-m), reach additional information info (the 1-1)~info (1-m) corresponding and all link together and carry out the hash computing with this encrypted content key EncKt (1-1)~EncKt (1-m).To be stored in domain key management information UR[u by the hashed value that this hash computing obtains] in (1).
Then, when to encrypted content key EncKt (1-1) when being decrypted, main equipment is with reference to key correspondence table Address List, and the normal areas 903 in target device is read content key group TKURE (1), and carries out the hash computing.On the other hand, the authentication intermediate key of main equipment to obtain by authentication is to being stored in the encrypted domain key management information Enc UR[u in the protection zone 902 in the target device] (1) be decrypted.Then, the domain key management information UR[u of main equipment from obtaining by deciphering] extract hashed value (1).Then, the main equipment hashed value that will obtain by the hash computing with from domain key management information UR[u] hashed value of extraction compares (1).As both unanimities, then main equipment is judged as and is not altered, and encrypted content key is deciphered.On the other hand, inconsistent as both, then main equipment is judged as and is altered, thereby encrypted content key is not decrypted.
But altering in the method for inspection as shown in figure 19, it is very big that treating capacity becomes.Promptly, for checking altering of 1 content key (content key Kt (1-1)), main equipment must be read the full content key of available same domain key deciphering and subsidiary all information (content key group TKURE (1)) thereof from target device, and to this information and executing hash computing of reading.Particularly, when the number of the content in being stored in target device increased, the number of content key also increased thereupon.Consequently, with 1 content key increase that domain key is corresponding, therefore further increased in the processing time.
In addition, also imagined the situation that content and content key are transmitted by distributions such as networks as one group of data.In this case, to append sometimes/delete and 1 content key that domain key is corresponding.But, according to method in the past, when append/when deleting content key, must re-execute a hash computing once more to all the elements key corresponding and attached information (content key group TKURE (1)) thereof, and the hash function that calculates is embedded in the incidental domain key management information of this domain key (domain key management information UR[u] (1)) with 1 domain key (domain key Ku (1)).
The objective of the invention is to, carry out at a high speed the check of altering by the little method of inspection of altering of a kind for the treatment of capacity is provided.In more detail; in the confidential information processing system of content being protected by repeatedly encrypting; when make a plurality of content keys corresponding with 1 domain key and be stored in can be by the zone of user capture in the time; realize the check of altering of content key with little treating capacity, thereby prevent bootlegging content.
For solving above-mentioned problem, the 1st method of the present invention, be to be used to detect at least 1 domain key is stored in the 1st zone and will be separately and the generation method of the data for detection of tampering of altering of foregoing key information in any 1 a plurality of key information that are associated of above-mentioned domain key information are stored in the target device in the 2nd zone different with above-mentioned the 1st zone, it is characterized in that, comprising: the step that the above-mentioned a plurality of key information that will be associated with a domain key by the encrypted url mode are encrypted; A plurality of key information of the state after the above-mentioned encryption extract the step of the data in precalculated position; Data step of connecting with a plurality of above-mentioned precalculated positions of being extracted; The data in a plurality of above-mentioned precalculated positions after the above-mentioned connection are carried out the step of hash computing and calculating linking hashed value; Will the test value corresponding be stored in the step in the above-mentioned target device with the data in the above-mentioned precalculated position of plaintext state; And above-mentioned link hashed value is stored in step in the above-mentioned target device.
In addition, the 2nd method of the present invention, be detect will at least 1 the domain key information stores the 1st zone and will be separately with above-mentioned a plurality of key information in any 1 a plurality of key information that are associated of above-mentioned domain key information are stored in the target device in the 2nd zone different with above-mentioned the 1st zone in the manipulation and detection method of altering of a key information, it is characterized in that, comprise: the 1st calculation procedure, an above-mentioned key information is carried out the 1st computing and calculated the check data; The 1st comparison step, the check that will calculate in above-mentioned the 1st calculation procedure compares with data with data and the check that is stored in advance in above-mentioned the 2nd zone; Extraction step, do not carry out above-mentioned the 1st computing ground and extract a plurality of check data related with a plurality of key information, described a plurality of key information is associated with a domain key information, and the associated domain key information of this a domain key information and an above-mentioned key information is same domain key information; The 2nd calculation procedure is carried out the 2nd computing and calculated population check data to the above-mentioned a plurality of checks that extract with data in above-mentioned extraction step; And the 2nd comparison step, the overall check that will calculate in above-mentioned the 2nd calculation procedure compares with data with data and the overall check that is stored in accordingly in above-mentioned the 1st zone with an above-mentioned domain key information in advance.
In addition, the 3rd method of the present invention, be detect with at least 1 the domain key information of state storage after encrypting and separately with the target device of any 1 a plurality of key information that are associated of above-mentioned domain key information in above-mentioned a plurality of key information in the manipulation and detection method of altering of a key information, it is characterized in that: in above-mentioned target device, store the overall test value of the state after encrypting in the encrypted url mode and the overall test value of state expressly in advance, comprise the 1st calculation procedure, an above-mentioned key information is carried out the 1st computing and calculated the check data; The 1st comparison step, the check that will calculate in above-mentioned the 1st calculation procedure compares with data with data and the check that is stored in the above-mentioned target device in advance; Extraction step, extract a plurality of check data of the state after the encryption related with a plurality of key information, described a plurality of key information is associated with a domain key information, and the associated domain key information of this a domain key information and an above-mentioned key information is same domain key information; The 2nd calculation procedure is connected a plurality of checks of the state after the above-mentioned encryption overall test value with the state after data and the above-mentioned encryption back, is decrypted and calculates the expressly overall test value of state; And the 2nd comparison step, the overall test value of the plaintext state that will calculate in above-mentioned the 2nd calculation procedure and the above-mentioned overall test value of the plaintext state of storage in advance compare.
In addition, the 4th method of the present invention, be at least 1 domain key information of detection of stored and separately with the target device of any 1 a plurality of key information that are associated of above-mentioned domain key information in above-mentioned a plurality of key information in the manipulation and detection method of altering of a key information, it is characterized in that: with each of above-mentioned a plurality of key information with the state storage after encrypting by the encrypted url mode in above-mentioned target device, comprise the 1st calculation procedure, thereby the data in above-mentioned key information deciphering and extraction precalculated position are calculated test value; The 1st comparison step, the test value that will calculate in above-mentioned the 1st calculation procedure compares with the test value that is stored in the above-mentioned target device in advance; Extraction step, extract a plurality of test values related with a plurality of key information, described a plurality of key information is associated with a domain key information, and the associated domain key information of this a domain key information and an above-mentioned key information is same domain key information; The 2nd calculation procedure is carried out the 2nd computing and calculated population check data to the above-mentioned a plurality of test values that extract in above-mentioned extraction step; And the 2nd comparison step, the overall check that will calculate in above-mentioned the 2nd calculation procedure compares with data with the overall check that data and domain key information same as described above in advance are stored in above-mentioned the 1st zone accordingly.
For checking altering of 1 content key, only need carry out altering of 1 content key checked and the alter check of the check corresponding with all the elements key with data (hashed value, test value etc.) got final product, therefore, treating capacity significantly reduces, and processing speed obviously improves.
Even in the distribution by network transmits, append/also there is no need when deleting content key all content keys with same domain key deciphering are generated the check data, only need to generate the check corresponding and get final product with data with the corresponding final check of data with data with this check with the content key that is appended.
In general, keep the zone of confidentiality,, the little zone of the storage area decision that according to target equipment had only is set from installing and convenient consideration.Therefore, as in the zone that keeps confidentiality, only storing final check data, preferably do not increase the zone that keeps confidentiality.
Description of drawings
Fig. 1 is the overall construction drawing of the confidential information processing system of expression the present invention the 1st execution mode.
Fig. 2 is the general flowchart about the action of the confidential information processing system shown in Fig. 1.
Fig. 3 is the figure that is stored in the confidential information in the target device in expression the present invention the 1st execution mode.
Fig. 4 is the figure that is used to illustrate the encrypt/decrypt of the encrypt/decrypt of domain key and content key.
Fig. 5 is the figure that is used for the hash table shown in the key diagram 3 and connects the generation step of hashed value.
Fig. 6 is about altering the flow chart of the method for inspection in the present invention's the 1st execution mode.
Fig. 7 is the figure that is used to illustrate the Change Example of the present invention's the 1st execution mode.
Fig. 8 is the figure that is used to illustrate the encrypted url mode.
Fig. 9 is the figure that is stored in the confidential information in the target device in expression the present invention the 2nd execution mode.
Figure 10 is the figure that is used to illustrate the step that generates the link hashed value shown in Fig. 9.
Figure 11 is the figure that is used to illustrate the step of altering of checking the content key group shown in Fig. 9.
Figure 12 is about altering the flow chart of the method for inspection in the present invention's the 2nd execution mode.
Figure 13 is the figure that is used to illustrate the Change Example of the present invention's the 2nd execution mode.
Figure 14 is the figure that is stored in the confidential information in the target device in expression the present invention the 3rd execution mode.
Figure 15 is used to illustrate generate the test value table shown in Figure 14 and encrypt the figure of the step of overall test value.
Figure 16 is the figure that is used to illustrate the step of altering of checking the test value table shown in Figure 14.
Figure 17 is the figure that expression is stored in the confidential information in the existing target device.
Figure 18 is the figure that expression is stored in the confidential information in the existing target device when having set domain key.
Figure 19 illustrates the figure that is stored in the confidential information in the target device in further detail.
Embodiment
Below, the execution mode that present invention will be described in detail with reference to the accompanying.Among the figure identical or corresponding part is marked with identical symbol and no longer repeats its explanation.
(the 1st execution mode)
<general structure 〉
The general structure of confidential information processing system in the present invention's the 1st execution mode shown in Figure 1.This confidential information processing system is made of target device 10 and main equipment 11.Target device 10 for example is to be the storage medium of the storage card and so on of representative with the SD card, and storage comprises the data of confidential information.Main equipment 11 is connected with target device 10, and and target device 10 between carry out reading/writing of confidential information.
The storage area of<target device 〉
The storage area of target device 10 is provided with system realm 101, protection zone 102, reaches normal areas 103.System realm 101 is being stored the information (for example, authenticate key) that is used for carrying out authentication between target device 10 and main equipment 11.Main equipment 11 could access system zone 101 when to have only visit to system realm 101 be predetermined processing through permission.Protection zone 102 is zones that user's (main equipment) can not conduct interviews arbitrarily and only could visit after authentication success.Normal areas 103 is zones that the user can random access.Domain key after protection zone 102 stored are encrypted.Content after normal areas 103 stored encrypted content key and encryption.
The internal structure of<main equipment 〉
Main equipment 11 comprises internal bus 111, target I/F portion 112, confidential information handling part 113, main I/F portion 114, host CPU 115, RAM116.Target I/F portion 112, and carry out the input and output of data between the target device 10.Confidential information handling part 113, and carry out authentication according to predetermined order between the target device 10.In addition, confidential information handling part 113 is also carried out encrypt/decrypt to the confidential information that is stored in the target device 10.Main I/F portion 114, and between the target I/F portion 112, and confidential information handling part 113 between, and and host CPU 115 between carry out the input and output of data.Host CPU 115 makes confidential information handling part 113 carry out predetermined order.RAM116 is used for temporarily storing the service area use of data by host CPU 115 or 113 conducts of confidential information handling part.
Read/write fashionable when what between target device 10 and main equipment 11, carry out confidential information, must between target device 10 and main equipment 11, authenticate.In this case, by host CPU 115 confidential information handling part 113 is started, and carry out authentication processing by confidential information handling part 113.As authentication success, in main equipment 11, read confidential information from target device 10 by target I/F portion 112, and by 113 deciphering of confidential information handling part.
In addition, host CPU 115 is gone back the action of starter confidential information handling part 113.Confidential information handling part 113 is concealed hardware.And confidential information handling part 113 when by host CPU 115 startings, is only carried out and has been guaranteed predetermined order confidentiality or that the confidentiality requirement is low.
<overall handling process 〉
Below, illustrate that with reference to Fig. 2 11 pairs of main equipments are stored in the processing that the encrypted content in the target device 10 is decrypted.
[step ST11]
At first, when target device 10 was connected with main equipment 11, main equipment 11 was read the authenticate key that is stored in the target device 10.
[step ST12]
Then, main equipment 11 utilizes from target device 10 authenticate key of reading and the master who self has and carries out authentication processing with authenticate key.
[step ST13]
When the result of authentication processing had shown authentification failure, main equipment 11 was judged as unauthorized access and execution abort action.On the other hand, when main equipment 11 is successful in authentication, enter step ST14.
[step ST14]
Then, main equipment 11 according to authenticate key of reading from target device 10 and the main authenticate key of using that self has, generates the authentication intermediate key.The authentication intermediate key that is generated is stored in the authentication intermediate key storage area in the confidential information handling part 113.So far, finished the preparation of between target device 10 and main equipment 11, carrying out exchange message subsequently.
[step ST15]
Then, main equipment 11 judges whether to wait the encrypted content of having asked being stored in the target device 10 to be decrypted by the user.When judgement has such request, enter step ST16.
[step ST16]
Then, main equipment 11 reads as from target device 10 encrypted content is deciphered required confidential information (encrypted content key, encrypted domain key and attached information thereof).As concrete processing, main equipment 11 at first from the incidental information extraction content of encrypted content ID, and goes out for encrypted content being deciphered required content key according to content ID is specific.Prepare the corresponding relation of meaningful ID and content key in advance by the form of table.Then, main equipment 11 according to the specific content key that goes out, with reference to the key correspondence table in the normal areas 103 that has been stored in the target device, specificly goes out needed domain key.When going out content key and domain key, read required key information when specific.
[step ST17]
Then, main equipment 11 is read the encrypted domain key in the protection zone that is stored in target device 10.Then, main equipment 11 is used in the authentication intermediate key that generates among the step ST14 encrypted domain key is deciphered.Thus, generate domain key expressly.
[step ST18]
Then, main equipment 11 is read the encrypted content key in the normal areas that is stored in target device 10.Then, 11 pairs of encrypted content key of main equipment are carried out and are altered check.
[step ST19]
When having found the altering of encrypted content key, main equipment 11 is judged as unauthorized access and execution abort action.On the other hand, when not finding the altering of encrypted content key, enter step ST20.
[step ST20]
Then, main equipment 11 is used in the domain key that generates among the step ST17, and encrypted content key is deciphered.Thus, main equipment 11 is obtained content key expressly.
[step ST21]
Then, main equipment 11 is used in the content key of the plaintext of obtaining among the step ST20, and encrypted content is deciphered.Thus, can use content.
<confidential information 〉
Below, explanation is stored in the confidential information in the target device 10 with reference to Fig. 3.In protection zone 102, storing domain key group UKURE.In normal areas, storing key correspondence table Address List, content key group TKURE (i) and hash table Hash List (i).
[domain key group]
Domain key group UKURE comprises n (n is the integer more than or equal to 1) encrypted domain key EncKu (1)~EncKu (n) and n encrypted domain key management information EncUR[u] (1)~EncUR[u] (n).
Each encrypted domain key EncKu (1)~EncKu (n), (1 content key group) is corresponding with a plurality of encrypted content key.And as shown in Figure 4, encrypted domain key EncKu (1)~EncKu (n) by with the deciphering of authentication intermediate key, obtains domain key Ku (1)~Ku (n).Each domain key Ku (1)~Ku (n) is used for a plurality of content keys corresponding with self are carried out encrypt/decrypt.In other words, can carry out encrypt/decrypt to a plurality of content keys with 1 domain key.
Encrypted domain key management information EncUR[u] (1)~EncUR[u] (n), corresponding one by one with encrypted domain key EncKu (1)~EncKu (n).And, as shown in Figure 4, encrypted domain key management information EncUR[u] (1)~EncUR[u] (n),, obtain domain key management information UR[u by with the deciphering of authentication intermediate key] (1)~UR[u] (n).Further, as shown in Figure 3, at each encrypted domain key management information EncUR[u] (1)~EncUR[u] (n) precalculated position storing the connection hashed value.Connect hashed value, become according to the content key all living creatures corresponding with this encrypted domain key management information.For example, at encrypted domain key management information EncUR[u] (1)~EncUR[u] i encrypted domain key management information EncUR[u in (n)] (i) (i is the precalculated position of integer and 1≤i≤n), and storage connects hashed value Hash (i).This connects hashed value Hash (i), generates according to content key group TKURE (i).
In addition, the content key group TKURE (i) corresponding with encrypted domain key EncKu (i) only is shown in Fig. 3, still, encrypted domain key EncKu (i) each encrypted domain key EncKu (1)~EncKu (n) in addition also can be corresponding one by one with the content key group.
[content key group]
Content key group TKURE (i) is to use the content key of domain key Ku (i) encrypt/decrypt and the set of the incidental information of this content key.Content key group TKURE (i) comprises m (m for more than or equal to 1 integer) encrypted content key EncKt (i-1)~EncKt (i-m), m encrypted content key management information EncUR[t] (i-1)~EncUR[t] (i-m), a m additional information info (i-1)~info (i-m).
As shown in Figure 4, m encrypted content key EncKt (i-1)~EncKt (i-m) by with domain key Ku (i) deciphering, obtains content key Kt (i-1)~Kt (i-m).Each content key Kt (i-1)~Kt (i-m) is used for the content (not shown) corresponding with self carried out encrypt/decrypt.
Content key management information UR[t] (i-1)~UR[t] (i-m), corresponding one by one with content key Kt (i-1)~Kt (i-m).And, as shown in Figure 4, encrypted content key management information EncUR[t] (i-1)~EncUR[t] (i-m),, obtain content key management information UR[t by with domain key Ku (i) deciphering] (i-1)~UR[t] (i-m).
Additional information info (i-1)~info (i-m) is corresponding one by one with encrypted content key EncKt (i-1)~EncKt (i-m).
[key correspondence table]
Key correspondence table Address List makes address Ku addr (the 1)~Ku addr (n) of n encrypted domain key corresponding with n content key table Kt addr List (1)~Kt addr List (n).And, in each content key table, write the address of the encrypted content key that is comprised among the corresponding content key group.For example, can be with reference to content key table Kt addr List (i) retrieval with domain key Ku (i) the corresponding content key group TKURE (i) (in detail, be encrypted content key EncKt (i-1)~EncKt (i-m)) corresponding with address Ku addr (i) of domain key Ku (i).Like this, by reference key correspondence table Address List, can promptly retrieve the corresponding relation of domain key and content key.
[hash table]
Hash table Hash List (i), corresponding with content key group TKURE (i).And hash table Hash List (i) comprises m hashed value Hash (i-1)~Hash (i-m).Hashed value Hash (i-1)~Hash (i-m) is corresponding one by one with encrypted content key EncKt (i-1)~EncKt (i-m).In addition, the hash table Hash List (i) corresponding with content key group TKURE (i) only is shown in Fig. 3, but also can has the corresponding hash table of each content key group (not shown) in addition with content key group TKURE (i).
The generation step of<hash table 〉
Below, with reference to the generation step of the hash table Hash List (i) shown in Fig. 5 key diagram 3.
[step ST101-1]
At first, with encrypted content key EncKt (i-1), expressly additional information info (i-1) and encrypted content key management information EncUR[t] (i-1) link together.To each encrypted content key EncKt (i-2)~EncKt (i-m), similarly this encrypted content key, the incidental additional information of this encrypted content key and encrypted content key management information are linked together.Thus, generate m and connect data.
[step ST101-2]
Then, the connection data corresponding with encrypted content key EncKt (i-1) are carried out the hash computing.Thus, calculate hashed value Hash (i-1).To with the connection data that each encrypted content key EncKt (i-2)~EncKt (i-m) is corresponding, similarly this is connected data and carries out the hash computing.In this manner, calculate m hashed value Hash (i-1)~Hash (i-m).
[step ST101-3]
Then, m hashed value Hash (the i-1)~Hash (i-m) that calculates is collected in 1 table.So far, finished the hash table HashList (i) corresponding with content key group TKURE (i).
The generation step of<connection hashed value 〉
Below, with reference to the generation step of the connection hashed value Hash (i) shown in Fig. 5 key diagram 3.
[step ST101-4]
At first, m hashed value Hash (the i-1)~Hash (i-m) that will be present in the hash table Hash List (i) links together.Thus, generate 1 hash and connect data.
[step ST101-5]
Then, the hash that generates is connected data and carry out the hash computing in step ST101-4.Thus, calculate connection hashed value Hash (i).
[step ST101-6]
Then, will in step ST101-5, calculate connect hashed value Hash (i) and be stored in encrypted domain key management information EncUR[u] (i) precalculated position.Encrypted domain key management information EncUR[u] (i), corresponding with hash table Hash List (i).
In addition, thereby content key is upgraded, appends, deletes encrypted domain key management information EncUR[u when using original domain key] when (i) upgrading, encrypted domain key management information EncUR[u] (i), in the temporary transient earlier before deciphering of storage hash table Hash List (i), obtain domain key management information UR[u] (i).Then, when hash table Hash List (i) is stored in domain key management information UR[u] (i) in the time, again with this domain key management information UR[u] (i) encrypt and turn back to encrypted domain key management information EncUR[u] (i).
But, when newly-generated domain key, also want newly-generated domain key management information UR[u] (i), in this case, no longer need the processing of temporarily deciphering, can be stored in domain key management information UR[u with connecting hashed value Hash (i)] (i) in, and with this domain key management information UR[u] (i) encrypt and generate encrypted domain key management information EncUR[u] (i).
<content key alter check
Below, be stored in the processing (processing among the step ST22) of testing of altering of content key in the target device 10 by 11 pairs of main equipments with reference to Fig. 6 explanation.Here, main equipment 11, (j is an integer and 1≤j≤m) content key Kt (i-j's) alters to check among content key Kt (the i-1)~Kt (i-m) corresponding with domain key Ku (i) j.
[step ST102-1]
Next step, main equipment 11 is with the additional information info (i-j) and the encrypted content key management information EncUR[t of encrypted content key EncKt (i-j) and its subsidiary plaintext] (i-j) link together.Thus, generate 1 and connect data.
[step ST102-2]
Then, main equipment 11 is carried out the hash computing to the connection data that generate, and is calculated hashed value Hash (i-j) in step ST102-1.
[step ST102-3]
Then, main equipment 11, hashed value Hash (i-j) that will calculate in step ST102-2 and hashed value Hash (i-j) in the hash table Hash List (i) that is stored in the normal areas 103 of target device 10 compare.
[step ST102-4]
When being judged as the hashed value Hash (i-j) that in step ST102-2, calculates according to the comparative result among the step ST102-3 with the hashed value Hash (i-j) of hash table Hash List (i) when inconsistent, main equipment 11, be judged as encrypted content key EncKt (i-j), additional information info (i-j) or encrypted content key management information EncUR[t] (i-j) altered, and the execution abort action.On the other hand, when being judged as both unanimities, enter step ST102-5.
[step ST102-5]
Then, main equipment 11 is obtained (m-1) individual hashed value Hash (i-1)~Hash (i-(j-1)), Hash (i-(j+1))~Hash (i-m) except that the hashed value Hash (i-j) corresponding with content key Kt (i-j) the hash table Hash List (i) in the normal areas 103 that is stored in target device 10.In other words, main equipment 11 is not carried out the hash computing to the individual encrypted content key of encrypted content key EncKt (i-j) (m-1) in addition among encrypted content key EncKt (the i-1)~EncKt (i-m) corresponding with encrypted domain key EncKu (i).Then, main equipment 11, the hashed value Hash (i-j) that will in step ST102-2, calculate be embedded to the position near hashed value Hash (i-j) before hashed value Hash (i-(j-1)) and located just between hashed value Hash (i-j) hashed value Hash (i-(j+1)) afterwards.Then, main equipment 11 links together these hashed values Hash (i-1)~Hash (i-(j-1)), Hash (i-j), Hash (i-(j+1))~Hash (i-m).Thus, generate hash and connect data.In other words, connect in the data in this hash, the hashed value Hash (i-j) that will be present among m hashed value Hash (the i-1)~Hash (i-m) in the hash table Hash List (i) is replaced into the hashed value Hash (i-j) that calculates in step ST102-2.
[step ST102-6]
Then, main equipment 11 connects data to the hash that generates and further carries out the hash computing in step ST102-5, and calculates connection hashed value Hash (i).Then, enter step ST102-9.In addition, also not necessarily must replace hashed value Hash (i-j), since by with hash table Hash List (i) in the comparison of hashed value checked legitimacy, also can be directly hash table Hash List (i) to be carried out the hash computing and calculate and connect hashed value Hash (i).
[step ST102-7]
On the other hand, main equipment 11 with reference to key correspondence table Address List, detects to encrypted content key EncKt (i-j) is deciphered required encrypted domain key EncKu (i).Then, main equipment 11 should detected encrypted domain key EncKu (i) and encrypted domain key management information EncUR[u with the authentication intermediate key] (i) be decrypted.Thus, generate domain key Ku
(i) and domain key management information UR[u] (i).
[step ST102-8]
Then, main equipment 11 is from domain key management information UR[u] extract the connection hashed value Hash (i) be stored in preposition (i).Then, enter step ST102-9.
[step ST102-9]
Then, main equipment 11, the connection hashed value Hash (i) that will calculate in step ST102-6 compares with the hashed value Hash (i) that is connected that extracts in step ST102-8.
[step ST102-10]
When be judged as according to the comparative result among the step ST102-9 connection hashed value Hash (i) that in step ST102-6, calculates with in step ST102-8, extract be connected hashed value Hash (i) when inconsistent, main equipment 11, be judged as encrypted content key EncKt (i-j), additional information info (i-j) or encrypted content key management information EncUR[t] (i-j) altered the execution abort action.On the other hand, when being judged as both unanimities, enter step ST102-11.
[step ST102-11]
Then, main equipment 11 after the legitimacy of content key is guaranteed, is used in the domain key Ku (i) that generates among the step ST102-7 with encrypted content key EncKt (i-j) and encrypted content key management information EncUR[t] (i-j) deciphering.Thus, main equipment 11 is obtained content key Kt (i-j) expressly and content key management information UR[t expressly] (i-j).
Main equipment 11 is used the content key Kt (i-j) of the plaintext that obtains by aforesaid processing, with the contents decryption after encrypting.
As mentioned above, in the present embodiment, when carry out to 1 content key alter check the time, carry out the hash computing of the connection data that constitute by 1 encrypted content key and attached information thereof and the hash computing that is connected data constituting by the hashed value that is present in the hash table.According to this method of inspection of altering, when when altering the method for inspection and comparing, treating capacity being reduced significantly, and processing speed is obviously improved with shown in Figure 19.
In addition, also considered to transmit the situation of appending or deleting content key by means of distribution from now on by network.In the present embodiment, when having appended content key, as this content key that is appended being carried out the hash computing and calculating hashed value and this hashed value that calculates is appended in hash table (as the processing of execution in step ST101-1~ST101-3), just hash table can be upgraded.In addition, as the connection data that are made of a plurality of hashed values in the hash table that is present in after the renewal are carried out hash computing (as the processing of execution in step ST101-4, ST101-5), can also connect hashed value and upgrade.On the other hand, when having deleted content key,, just hash table can be upgraded as the hashed value corresponding with the content key of having deleted deleted from hash table.In addition, as the connection data that are made of a plurality of hashed values in the hash table that is present in after the renewal are carried out hash computing (as the processing of execution in step ST101-4, ST101-5), also can connect hashed value and upgrade.
<project 〉
The target device that has, the zone of guaranteeing the memory contents key with the form of project in advance.Make in each project and a plurality of domain key any 1 corresponding.In other words, make each domain key corresponding with a plurality of projects.Be stored in the encrypted content key in the project, can be by the domain key deciphering corresponding with this project.In this case, produced the hashed value corresponding with projects compiled the such notion of hash table that forms.That is, no matter in fact whether to store content key, can will be stored in the normal areas 103 about the hashed value of all items corresponding form with hash table with same domain key.And, also the hashed value of all items corresponding with same domain key can be linked together, these connection data are carried out the hash computing and calculated hashed value, and the hashed value that this calculates is stored in the domain key management information.Certainly, for reducing treating capacity, preferably make the operand of hash computing little.Therefore, the best way is, only the project implementation hash computing of in fact storing content key is generated hash table, the hashed value by will this hash table connects the back to be carried out hash computing to it and calculates hashed value, and the hashed value that this calculates is stored in the domain key management information.
<Change Example 〉
Present embodiment has been discussed various Change Examples, but disclose 3 following Change Examples as typical example.
(1) encrypted content not necessarily must be stored in target device with the storage encryption content key and is in the same target device, also can be stored in other the recording medium.In this case, main equipment can be obtained the encrypted content that is stored in these other the recording medium by network etc., and with the content key that the method for inspection has guaranteed legitimacy of altering by present embodiment, with this encrypted content deciphering.
(2) additional information is not have to encrypt and the also lower information of confidentiality.Therefore, can be not yet as the object of hash computing.For example, also can be by to by encrypted content key EncKt (i-j) and encrypted content key management information EncUR[t] the connection data that (i-j) constitute carry out the hash computing and calculate hashed value Hash (i-j).
(3) in the 1st execution mode, be that the set (content key group TKURE (i)) with the content key of same domain key deciphering is provided with the structure of 1 hash table Hash List (i), but also can P (P is the integer more than 2) subclass hash table and 1 complete or collected works' hash table be set 1 content key group.Here, be that example illustrates subclass hash table and complete or collected works' hash table with reference to Fig. 7 with content key group TKURE (i).Among the figure, can be divided into P (P is the integer more than 2) subclass with a plurality of encrypted content key (m the encrypted content key EncKt (i-1) that is comprised among the content key group TKURE (i)~EncKt (i-m)) of domain key Ku (i) deciphering.Collecting and distributing tabulation Hash List (i-Gr1)~Hash List (i-GrP) is corresponding one by one with P son to make P subclass.For example, the subclass that makes from j content key Kt (i-j) to k (k be integer and j<k≤m)) content key Kt (i-k) and subclass hash table Hash List (i-GrJ) (J be integer and 1≤J≤P)) are corresponding.And subclass hash table Hash List (i-GrJ) comprises (k-j) individual hashed value Hash (i-j)~Hash (i-k).In addition, subclass hash table Hash List (i-Gr1)~Hash List (i-GrP), corresponding with complete or collected works' hash table Hash List (i-ALL).Complete or collected works' hash table Hash List (i-ALL) comprises P part hashed value Hash (i-Gr1)~Hash (i-GrP) one to one with P son collecting and distributing tabulation Hash List (i-Gr1)~Hash List (i-GrP).Overall hashed value ALL Hasht (i) generates according to complete or collected works' hash table Hash List (i-ALL).According to this configuration, when encrypted content key EncKt (i-j) being carried out when altering check, carry out by encrypted content key EncKt (i-j), encrypted content key management information EncUR[t] (i-j) and the hash computing that is connected data (hash computing 1) that constitutes of additional information info (i-j), to content key Kt (i-j) under the corresponding subclass hash table Hash List (i-GrJ) of subclass hash computing (hash computing 2), reach hash computing (hash computing 3) to complete or collected works' hash table Hash List (i-ALL).The treating capacity that hash computing 2 and hash computing 3 lump together is less than the treating capacity of the processing shown in Fig. 5.Therefore, can reckon with that processing speed will further improve.
(the 2nd execution mode)
In the 2nd execution mode of the present invention, content key and content key management information are encrypted in the encrypted url mode.
<encrypted url mode 〉
Here, with reference to the encryption method of Fig. 8 explanation based on the encrypted url mode.Wherein, suppose that cryptographic object is content key Kt (i-j) and content key management information UR[t] (i-j).
[encryption]
At first, content key Kt (i-j) and content key management information UR[t] (i-j) link together after, be that unit is cut apart with per 8 bytes in order from the starting, obtain " data 1 ", " data 2 " ..., " data X " (X is the integer more than or equal to 2).In addition, can certainly not by 8 bytes but at random cut apart.
Then, 8 initial bytes of MSB (highest significant position or most significant byte) side i.e. " data 1 ", obtain with domain key Ku (i) encryption " enciphered data 1 ".Then, the median 1 of the encryption corresponding with " data 1 " is carried out predetermined operation, generate link key 1.Then, back 1 " data 2 " that will be positioned at " data 1 " with link key 1 encrypt, and obtain " enciphered data 2 ".Then, the median 2 of the encryption corresponding with " data 2 " is carried out predetermined operation, generate link key 2.Like this, as " data 1 " of 8 bytes of beginning, encrypt with domain key Ku (i).And each 8 byte data of the 2nd and back are utilized the encrypted result of preceding 18 byte data are encrypted successively.
Carry out above-mentioned encryption repeatedly up to beginning several 8 last bytes (being LSB (least significant bit or least significant byte)) from MSB promptly till " data X "." data 1 "~" data X " becomes " enciphered data 1 "~" enciphered data X ".Set that should " enciphered data 1 "~" enciphered data X " becomes encrypted content key EncKt (i-j) and encrypted content key management information EncUR[t] (i-j) set.
[decryption processing]
Below, the decryption method based on the encrypted url mode is described.
At first, encrypted content key EncKt (i-j) and encrypted content key management information EncUR[t] (i-j) set, be that unit is cut apart with per 8 bytes in order from the starting, obtain " enciphered data 1 ", " enciphered data 2 " ..., " enciphered data X ".Then, " enciphered data 1 " with domain key Ku (i) deciphering, obtains " data 1 ".Then, " enciphered data 2 " utilizes the decrypted result of " enciphered data 1 " to be decrypted, and obtains " data 2 ".Like this, as " enciphered data 1 " of 8 bytes of beginning, with domain key Ku (i) deciphering.Each enciphered data of the 2nd and back utilizes the decrypted result to preceding 1 enciphered data to be decrypted successively.
In this encrypted url mode, every partial data linked on one side carry out encrypt/decrypt on one side.In other words, this encrypted url mode has such feature, that is: in the deciphering failure in any one stage, all enciphered datas after this stage all can not normally be deciphered during as deciphering.Therefore, for example, if, just can guarantee that all data all are legal as the data X successful decryption of last 8 bytes (LSB).
In addition, in this encrypted url mode, even when identical data are encrypted, if the data of having encrypted differ from one another in advance, the result of encryption is also inequality.
<structure 〉
According to the above, the confidential information processing system of the present invention's the 2nd execution mode is described.The general structure of the confidential information processing system of present embodiment, same as shown in Figure 1., be stored in the confidential information in the target device 10, with shown in Figure 3 different.
<confidential information 〉
In the present embodiment, the confidential information that is stored in the target device 10 is shown in Fig. 9.In protection zone 102, storage domain key group UKURE.In normal areas 103, storage key correspondence table Address List and content key group TKURE (i).
[domain key group]
Domain key group UKURE, the same with Fig. 3, comprise n encrypted domain key EncKu (1)~EncKu (n) and n encrypted domain key management information EncUR[u] (1)~EncUR[u] (n).And, at each encrypted domain key management information EncUR[u] (1)~EncUR[u] (n) each precalculated position storing the link hashed value.The link hashed value becomes according to the content key all living creatures corresponding with this encrypted domain key management information.For example, at encrypted domain key management information EncUR[u] (i) precalculated position, storage link hashed value Chain Hash (i).Link hashed value Chain Hash (i) generates according to content key group TKURE (i).
In addition, the content key group TKURE (i) corresponding with encrypted domain key EncKu (i) only is shown in Fig. 9, but encrypted domain key EncKu (i) each encrypted domain key EncKu (1)~EncKu (n) in addition also can be corresponding one by one with the content key group.
[content key group]
Content key group TKURE (i) except that the content key group TKURE (i) shown in Fig. 3, also comprises m encryption verification value EncCheck (i-1)~EncCheck (i-m).Encryption verification value EncCheck (i-1)~EncCheck (i-m) is corresponding one by one with encrypted content key EncKt (i-1)~EncKt (i-m).In addition, in each additional information info (i-1)~info (i-m), the test value corresponding (in Fig. 9, the test value Check (i-j) as representative only being shown) with the plaintext state storage with each value among encryption verification value EncCheck (i-1)~EncCheck (i-m).For example, in the additional information info of the pairing encrypted content key EncKt of encryption verification value EncCheck (i-j) (i-j) (i-j), storing test value Check (i-j) expressly.And test value Check (i-j) is stored in the precalculated position of corresponding additional information info (i-j) according to specified bytes (information of indicating predetermined position).
Key correspondence table Address List is identical with the key correspondence table Address List shown in Fig. 3.
The encryption of<content key and incidental information thereof 〉
Below, the encryption of description key, content key management information, test value.Here, with content key Kt (i-j), content key management information UR[t] (i-j), test value Check (i-j) is that example describes.
At first, with content key Kt (i-j) and content key management information UR[t] (i-j) be connected.Then, according to specified bytes, test value Check (i-j) is embedded to by content key Kt (i-j) and content key management information UR[t] precalculated position of the connection data that (i-j) constitute.In this example, test value is embedded to LSB.Then, according to the encrypted url mode, the connection data of having imbedded test value Check (i-j) are encrypted.Then, the connection data after encrypting are divided into encrypted content key EncKt (i-j), encrypted content key management information EncUR[t] (i-j), and encryption verification value EncCheck (i-j).
In such a way, with content key, content key management information, and test value encrypt.In addition, owing to imbed position rather than fixed position, can hide the position of imbedding test value, thereby confidentiality is improved according to what specified bytes was specified test value.
The generation step of<link hashed value 〉
Below, with reference to the generation step of the link hashed value Chain Hash (i) shown in Figure 10 key diagram 9.In addition, here, as shown in figure 10, with each encrypted content key management information EncUR[t] (i-1)~EncUR[t] (i-m) be set at the back segment that is positioned at corresponding encrypted content key, and each encryption verification value EncCheck (i-1)~EncCheck (i-m) is set at the back segment that is positioned at corresponding encrypted content key management information.In addition, also each encryption verification value EncCheck (i-1)~EncCheck (i-m) is set at 8 byte datas.
[step ST201-1]
At first, according to specified bytes, from content key group TKURE (i), extract m encryption verification value EncCheck (i-1)~EncCheck (i-m).For example, from the set of encrypted content key EncKt (i-j) and its attached information (encrypted content key management information EncUR[t] (i-j) and encryption verification value EncCheck (i-j)), extract the data (, for being right after] (i-j) afterwards 8 byte datas) in precalculated position here at encrypted content key management information EncUR[t.Thus, can extract encryption verification value EncCheck (i-j).Handle by each encrypted content key EncKt (i-1)~EncKt (i-m) is carried out this extraction, extract m encryption verification value EncCheck (i-1)~EncCheck (i-m).
[step ST201-2]
Then, m encryption verification value EncCheck (the i-1)~EncCheck (i-m) that is extracted is linked together.Thus, generate 1 test value and connect data.
[step ST201-3]
Then, the test value that generates is connected data and carry out the hash computing in step ST201-2.Thus, calculate link hashed value Chain Hash (i).
[step ST201-4]
The link hashed value Chain Hash (i) that then, will calculate in step ST201-3 is stored in encrypted domain key management information EncUR[u] (i) precalculated position.
In addition, thereby content key is upgraded, appends, deletes encrypted domain key management information EncUR[u when using original domain key] when (i) upgrading, encrypted domain key management information EncUR[u] (i), in the temporary transient earlier before deciphering of storage link hashed value Chain Hash (i), obtain domain key management information UR[u] (i).Then, be stored in domain key management information UR[u when linking hashed value ChainHash (i)] (i) in the time, again with this domain key management information UR[u] (i) encrypt and turn back to encrypted domain key management information EncUR[u] (i).
When newly-generated domain key, domain key management information UR[u] (i) also newly-generated, in this case, no longer need the processing of temporarily deciphering, link hashed value ChainHash (i) can be stored in domain key management information UR[u] (i) in, and with this domain key management information UR[u] (i) encrypt and generate encrypted domain key management information EncUR[u] (i).
<alter the method for inspection 〉
Below, the method for inspection of altering of test value Check (i-1)~Check (i-m) of having utilized shown in Fig. 9 is described with reference to Figure 11.Here, with encrypted content key EncKt (i-j), encrypted content key management information EncUR[t] (i-j), and encryption verification value EncCheck (i-j) be that example describes.
[step ST202-1]
At first, with encrypted content key EncKt (i-j), encrypted content key management information EncUR[t] (i-j), and encryption verification value EncCheck (i-j) link together.Thus, generate 1 and connect data.
[step ST202-2]
Then, will connect data decryption according to the encrypted url mode.Thus, generate by content key Kt (i-j), content key management information UR[t] (i-j), and the connection data that constitute of test value Check (i-j).This connects data, has test value Check (i-j) is embedded to and content key Kt (i-j) and content key management information UR[t] structure in (i-j) the precalculated position that is connected data.
[step ST202-3]
Then, according to specified bytes, from by content key Kt (i-j), content key management information UR[t] (i-j), and the connection data that constitute of test value Check (i-j) extract test value Check (i-j).Then, enter step ST202-5.
[step ST202-4]
On the other hand, the test value Check (i-j) that will be stored in the precalculated position of additional information info (i-j) extracts out.Then, enter step ST202-5.
[step ST202-5]
Test value Check (i-j) that then, will extract in step ST202-3 and the test value Check (i-j) that extracts in step ST202-4 compare.
Like this, to each content key Kt (i-1)~Kt (i-m), the test value that will extract from additional information compares with the test value that extracts the data that is connected after deciphering, verifies the legitimacy of this content key.
Test value preferably is attached to and is right after after the content key management information.In other words, in the connection data that are made of content key, content key management information and test value, the LSB that preferably makes these connection data is a test value.This is because can verify the legitimacy of the data integral body of conduct deciphering object by checking LSB.
<action 〉
Below, the action of the confidential information processing system of present embodiment is described.The overall procedure of the action of the confidential information processing system of present embodiment, basic identical with Fig. 2, but be different from detailed process in the processing of altering (step ST22) of inspection content key.
<content key alter check
The processing in the processing (step ST22) of testing of altering that is stored in content key in the target device 10 by 11 pairs of main equipments is described in the present embodiment) with reference to Figure 12.Here, check altering of content key Kt (i-j) corresponding with domain key Ku (i).In addition, suppose test value Check (i-j)) for being right after at content key management information UR[t] (i-j) afterwards 8 byte datas.
[step ST203-1]
At first, main equipment 11 is with encrypted content key EncKt (i-j), encrypted content key management information EncUR[t] (i-j), and encryption verification value EncCheck (i-j) deciphering.Because these data are to connect data as 1 to encrypt by above-mentioned encrypted url mode, will connect data and decipher successively from MSB (8 initial bytes).
[step ST203-2]
Then, main equipment 11 according to specified bytes, becomes the data of 8 amount of bytes of extraction expressly the connection data (by content key Kt (i-j), content key management information UR[t] (i-j) and the connection data that constitute of test value Check (i-j)) after deciphering.In addition, here, because test value Check (i-j) is attached to and is right after content key management information UR[t] (i-j) afterwards, specified bytes refers to LSB (8 last bytes).Thus, can from become connection data expressly, extract test value Check (i-j).Then, enter step ST203-4.
[step ST203-3]
On the other hand, main equipment 11, the data of 8 amount of bytes of extraction from additional information info (i-j).Thus, can from additional information info (i-j), extract test value Check (i-j).
[step ST203-4]
Then, main equipment 11, test value Check (i-j) that will extract in step ST203-2 and the test value Check (i-j) that extracts in step ST203-3 compare.Like this, by both are compared, can verify in the connection data that constitute by content key, content key management information and test value legitimacy up to the data of the position of having imbedded test value.
[step ST203-5]
When being judged as the test value Check (i-j) that in step ST203-2, extracts and the test value Check (i-j) that in step ST203-3, extracts according to the comparative result among the step ST203-4 when inconsistent, main equipment 11, be judged as encrypted content key EncKt (i-j), encrypted content key management information EncUR[t] (i-j) or encryption verification value EncCheck (i-j) altered and execution abort action.On the other hand, when being judged as both unanimities, enter step ST203-6.
[step ST203-6]
Then, main equipment 11 according to specified bytes, extracts m encryption verification value EncCheck (i-1)~EncCheck (i-m) from content key group TKURE (i).For example, main equipment 11 is according to specified bytes, from by encrypted content key EncKt (i-j), encrypted content key management information EncUR[t] (i-j), encryption verification value EncCheck (i-j)) extract the data of 8 amount of bytes the connection data that constitute.Thus, can extract encryption verification value EncCheck (i-j).Main equipment 11 is carried out this extraction processing by each being connected data, extracts m encryption verification value EncCheck (i-1)~EncCheck (i-m).
[step ST203-7]
Then, main equipment 11, m the encryption verification value EncCheck (i-1) that will extract in step ST203-6~EncCheck (i-m) links together.Thus, generate 1 test value and connect data.
[step ST203-8]
Then, main equipment 11 connects data to the test value that generates and carries out the hash computing in step ST203-7.Thus, calculate link hashed value Chain Hash (i).Then, enter step ST203-11.
[step ST203-9]
On the other hand, main equipment 11 with reference to key correspondence table Address List, detects to encrypted content key EncKt (i-j) is deciphered required encrypted domain key EncKu (i).Then, main equipment 11 should detected encrypted domain key EncKu (i) and encrypted domain key management information EncUR[u with the authentication intermediate key] (i) decipher.Thus, generate domain key Ku (i) and domain key management information UR[u] (i).
[step ST203-10]
Then, main equipment 11 is from domain key management information UR[u] extract the link hashed value Chain Hash (i) be stored in preposition (i).
[step ST102-11]
Then, main equipment 11, link hashed value ChainHash (i) that will calculate in step ST203-8 and the hashed value Chain Hash (i) that links that extracts in step ST203-10 compare.
[step ST203-12]
When be judged as according to the comparative result among the step ST203-11 link hashed value Chain Hash (i) that in step ST203-8, calculates with in step ST203-10, extract link hashed value Chain Hash (i) when inconsistent, main equipment 11, be judged as encrypted content key EncKt (i-j), encrypted content key management information EncUR[t] (i-j) or encryption verification value EncCheck (i-j) altered and execution abort action.On the other hand, when being judged as both unanimities, enter step ST203-13.
[step ST203-13]
Then, main equipment 11 after the legitimacy of content key is guaranteed, is used in the domain key Ku (i) that generates among the step ST203-9 with encrypted content key EncKt (i-j) and encrypted content key management information EncUR[t] (i-j) deciphering.Thus, main equipment 11 is obtained content key Kt (i-j) expressly and content key management information UR[t expressly] (i-j).
Main equipment 11 is used the content key Kt (i-j) of the plaintext that obtains by aforesaid processing, with the contents decryption after encrypting.
As mentioned above, when execution is checked about altering of 1 content key, carry out the comparison of the test value that is extracted and the hash computing that is connected data to constituting by the pairing test value of each encrypted content key.According to this method of inspection of altering, when when altering the method for inspection and comparing, treating capacity being reduced significantly, and processing speed is obviously improved with shown in Figure 19.
In addition, also considered to transmit the situation of appending or deleting content key by means of distribution from now on by network.In the present embodiment, when having appended content key, only need will the test value corresponding with this content key be stored in the additional information and this test value encrypted after be embedded in any one of content key and content key management information and get final product.In this manner, can carry out the check of altering to the content key after appending.In addition, as the data that are connected that are made of encryption verification value corresponding with the content key that is appended and existing encryption verification value are carried out hash computing (as the processing of execution in step ST201-1~ST201-4), just the link hashed value can be upgraded.On the other hand, when having deleted content key, extract and these encryption verification values are linked together and carry out hash computing (as the processing of execution in step ST201-1~ST201-4) once more as encryption verification value that will be corresponding with not deleted content key, just can the renewal of link hashed value.
Further, in the present embodiment, the check of altering of each content key is carried out with different separately modes with the check of altering to all test values.That is, each content key alter check, by relatively execution with the encrypted url mode value of testing, on the other hand, all test values alter check, carry out by the hash computing.Like this, owing to alter the method difference of check, level of confidentiality is improved.
Further, because test value is stored in the additional information, can set different test values to each content key.Therefore, confidentiality is improved.
<project 〉
In addition, the target device that has, the zone of also guaranteeing the memory contents key in advance with the form of project.Make each project corresponding with domain key.Be stored in the encrypted content key in the project, can be by the domain key deciphering corresponding with this project.In this case, produced will be corresponding with projects test value connect and carry out the notion of hash computing.Promptly, no matter in fact whether to store content key, can from all items corresponding, extract the data in precalculated position according to specified bytes with same domain key, the data of this extraction are linked together and carry out the hash computing, and the hashed value that calculates is stored in the domain key management information.Certainly, for reducing treating capacity, preferably make the operand of hash computing little.Therefore, the best way is, only to the project implementation of in fact the storing content key data pick-up according to specified bytes, the data of this extraction are linked together and carries out the hash computing, and the hashed value that calculates is stored in the domain key management information.
<Change Example 〉
Present embodiment has been discussed various Change Examples, but disclose 3 following Change Examples as typical example.
(1) encrypted content not necessarily must be stored in target device with the storage encryption content key and is in the same target device, also can be stored in other the recording medium.In this case, main equipment can be obtained the encrypted content that is stored in these other the recording medium by network etc., and uses the method for inspection of altering by present embodiment to guarantee that the content key of legitimacy is with this encrypted content deciphering.
(2) imbed the position of test value, not necessarily must specify, also can fix by specified bytes.For example, imbed, then can check altering of all data (content key, content key management information) if be fixed as 8 bytes of LSB.
(3) test value also not necessarily must be embedded in the additional information, also can be stored in register etc. as constant as shown in figure 13.And when this constant has certain rules, also register can not established and by the realizations such as combination of arithmetic unit.In general, compare with register is set, the mode of utilizing the aggregate erection constant of arithmetic unit is favourable on circuit area.
(the 3rd execution mode)
In the 3rd execution mode of the present invention, utilize the encrypt/decrypt of overall test value execution based on the encrypted url mode.The encrypted url mode, same as shown in Figure 8.And, inspection content key K t (i-j) and subsidiary content key management information UR[t thereof] (i-j) the method for altering is identical with the 2nd execution mode.
<structure 〉
The general structure of the confidential information processing system of the present invention's the 3rd execution mode, same as shown in Figure 1.Be stored in the confidential information in the target device 10, with shown in Figure 3 different.
<confidential information 〉
The confidential information that is stored in the target device 10 in the present embodiment is shown in Figure 14.In protection zone 102, storage domain key group UKURE.In normal areas 103, storage key correspondence table Address List, content key group TKURE (i), test value table CheckList (i) and overall test value Check (i).
[domain key group]
Domain key group UKURE, the same with Fig. 3, comprise n encrypted domain key EncKu (1)~EncKu (n) and n encrypted domain key management information EncUR[u] (1)~EncUR[u] (n).And, at each encrypted domain key management information EncUR[u] (1)~EncUR[u] (n) each precalculated position storing and encrypting overall test value.This encrypts overall test value, generates according to content key group corresponding with this domain key and overall test value.For example, at encrypted domain key management information EncUR[u] (i) precalculated position storing and encrypting overall test value EncCheck (i).Encrypt overall test value EncCheck (i), generate according to content key group TKURE (i) and overall test value Check (i).
In addition, the content key group TKURE (i) corresponding with encrypted domain key EncKu (i) only is shown in Figure 14, but encrypted domain key EncKu (i) each encrypted domain key EncKu (1)~EncKu (n) in addition also can be corresponding one by one with the content key group.
[content key group and key correspondence table]
Content key group TKURE (i) and key correspondence table Address List, same as shown in Figure 9.
[test value table]
Test value table Check List (i), corresponding with content key group TKURE (i), and comprise m double-encryption test value Enc 2Check (i-1)~Enc 2Check (i-m) and encryption overall test value EncCheck (i).Double-encryption test value Enc 2Check (i-1)~Enc 2Check (i-m) is corresponding one by one with the encryption verification value EncCheck (i-1) that is comprised among the content key group TKURE (i)~EncCheck (i-m).In addition, the test value table Check List (i) corresponding with content key group TKURE (i) only is shown in Figure 14, but the test value table corresponding with content key group TKURE (i) each encrypted domain key group (not shown) in addition can exist also.
[overall test value]
Overall test value Check (i), corresponding with content key group TKURE (i), in addition, the overall test value Check (i) corresponding with content key group TKURE (i) only is shown, but the overall test value Check (i) corresponding with content key group TKURE (i) each encrypted domain key group (not shown) in addition can exist also in Figure 14.
The generation step of<test value table and encryption verification value 〉
Below, with reference to Figure 15 test value table Check List (i) shown in Figure 14 and the generation step of encrypting overall test value EncCheck (i) are described.
[step ST301-1]
At first, according to specified bytes, from content key group TKURE (i), extract m encryption verification value EncCheck (i-1)~EncCheck (i-m).For example, from by encrypted content key EncKt (i-j), encrypted content key management information EncUR[t] (i-j), and the connection data that constitute of encryption verification value EncCheck (i-j) extract encryption verification value EncCheck (i-j).In such a way, extract m encryption verification value EncCheck (i-1)~EncCheck (i-m).
[step ST301-2]
M the encryption verification value EncCheck (i-1) that will extract in step ST301-1 then ,~EncCheck (i-m) and overall test value Check (i) link together.Thus, generate 1 test value and connect data.
[step ST301-3]
Then, according to the encrypted url mode, test value is connected data encryption with domain key Ku (i).Thus, generate double-encryption test value Enc 2Check (i-1)~Enc 2Check (i-m) and the set of encrypting overall test value EncCheck (i).
[step ST301-4]
Then, from double-encryption test value Enc 2Check (i-1)~Enc 2Take out in the set of Check (i-m) and the overall test value EncCheck of encryption (i) and encrypt overall test value EncCheck (i).Thus, double-encryption test value Enc 2Check (i-1)~Enc 2The set of Check (i-m) becomes test value table Check List (i).
[step ST301-5]
Then, the overall test value EncCheck of the encryption that will take out in step ST301-4 (i) is stored in domain key management information UR[u] (i) precalculated position.
In addition, thereby content key is upgraded, appends, deletes encrypted domain key management information EncUR[u when using original domain key] when (i) upgrading, encrypted domain key management information EncUR[u] (i), in the temporary transient earlier before deciphering of the overall test value EncCheck of storage encryption (i), obtain domain key management information UR[u] (i).Then, be stored in domain key management information UR[u when encrypting overall test value EncCheck (i)] (i) in the time, again with this domain key management information UR[u] (i) encrypt and turn back to encrypted domain key management information EncUR[u] (i).
When newly-generated domain key, domain key management information UR[u] (i) also newly-generated, in this case, no longer need the processing of temporarily deciphering, can be stored in domain key management information UR[u with encrypting overall test value EncCheck (i)] (i) in, and with this domain key management information UR[u] (i) encrypt and generate encrypted domain key management information EncUR[u] (i).
<alter the method for inspection 〉
Below, the method for inspection of altering of having utilized the overall test value Check (i) shown in Figure 14 is described with reference to Figure 16.Here, with encrypted domain key EncKu (i), test value table CheckList (i), and overall test value Check (i) be that example describes.In addition, the utilization shown in Figure 14 test value Check (i-1)~Check (i-m) alter the method for inspection, identical with the method shown in Figure 11.
[step ST302-1]
At first, with encrypted domain key management information EncUR[u] (i) deciphering.Thus, generate domain key management information UR[u] (i).Then, from domain key management information UR[u] (i) precalculated position extracts and encrypts overall test value EncCheck (i).
[step ST302-2]
Then, will be present in m interior double-encryption test value Enc of test value table Check List (i) 2Check (i-1)~Enc 2Check (i-m) links together.Then, the overall test value EncCheck of the encryption that further will extract in step ST302-1 (i) is connected by this m double-encryption test value Enc 2Check (i-1)~Enc 2The back segment of the connection data that Check (i-m) constitutes.In other words, by double-encryption test value Enc 2Check (i-1)~Enc 2Check (i-m) and being connected in the data that the overall test value EncCheck of encryption (i) constitutes, the LSB of these connection data encrypts overall test value EncCheck (i) exactly.Thus, generate 1 test value link data.
[step ST302-3]
Then, use domain key Ku (i) to the deciphering of test value link data execution based on the encrypted url mode.Thus, generate the set of m encryption verification value EncCheck (i-1)~EncCheck (i-m) and overall test value Check (i).
[step ST302-4]
Then, from the set of m encryption verification value EncCheck (i-1)~EncCheck (i-m) and overall test value Check (i), extract the data (being 8 byte datas here) in precalculated position as the LSB of this set.Thus, can extract overall test value Check (i).Then, enter step ST302-6.
[step ST302-5]
On the other hand, according to specified bytes, extract the overall test value Check (i) in the normal areas 103 that is stored in target device 10 in advance.Then, enter step ST302-6.
[step ST302-6]
Overall test value Check (i) that then, will extract in step ST302-4 and the overall test value Check (i) that extracts in step ST302-5 compare.Here, when both are consistent, be judged as test value table Check List (i) or overall test value Check (i) is not altered.On the other hand, when both are inconsistent, are judged as test value table Check List (i) or overall test value Check (i) and have been altered and the execution abort action.
According to as upper type, legitimacy that can compliance test value table Check List (i).If the test value table is not altered, can check altering of encrypted content key.For example, when wanting to check the altering of encrypted content key EncKt (i-j), from the test value table Check List (i) after the deciphering among step ST302-3, extract the encryption verification value EncCheck (i-j) corresponding with content key Kt (i-j).On the other hand, from content key group TKURE (i), extract encryption verification value EncCheck (i-j).Then, the encryption verification value EncCheck (i-j) that will extract from the test value table CheckList (i) after the deciphering compares with the encryption verification value EncCheck (i-j) that extracts from content key group TKURE (i).In this manner, can check encrypted content key EncKt (i-j) and attached information thereof (encrypted content key management information EncUR[t] (i-j) etc.) whether to be altered.
<action 〉
Below, the action of the confidential information processing system of present embodiment is described.The overall procedure of the action of the confidential information processing system of present embodiment, basic identical with Fig. 2, but the detailed process difference in the processing of altering (step ST22) of inspection content key.In the present embodiment, in step ST22, by carrying out the method for inspection (having utilized the method for inspection of altering of test value Check (i-1)~Check (i-m)) and the method for inspection (having utilized the method for inspection of altering of overall test value Check (i)), the legitimacy of checking content key altered shown in Figure 16 altered shown in Figure 11.
As mentioned above, when execution is checked about altering of 1 content key, carry out the comparison of the test value that is extracted and the comparison of overall test value.According to this method of inspection of altering, when when altering the method for inspection and comparing, treating capacity being reduced significantly, and processing speed is obviously improved with shown in Figure 19.
In addition, also considered to transmit the situation of appending or deleting content key by means of distribution from now on by network.In the present embodiment, when having appended content key, only need will the test value corresponding with this content key be stored in the additional information and this test value encrypted after be embedded in any one of content key and content key management information and get final product.In this manner, can carry out the check of altering to the content key after appending.In addition, as the data that are connected that are made of encryption verification value corresponding with the content key that is appended and existing encryption verification value are carried out encryption (as the processing of execution in step ST301-1~ST301-3) based on the encrypted url mode, just the test value table can be upgraded.On the other hand, when having deleted content key, extract and these encryption verification values are linked together and encrypt (as the processing of execution in step ST301-1~ST301-3) once more as encryption verification value that will be corresponding, just the test value table can be upgraded with not deleted content key.In addition, as overall test value is connected the encryption of also carrying out once more based on the encrypted url mode (as the processing of execution in step ST301-4, ST301-5) with the test value table, can upgrade by the link test value.
<Change Example 〉
Present embodiment has been discussed various Change Examples, but disclose 3 following Change Examples as typical example.
(1) encrypted content not necessarily must be stored in target device with the storage encryption content key and is in the same target device, also can be stored in other the recording medium.In this case, main equipment can be obtained the encrypted content that is stored in these other the recording medium by network etc., and uses the method for inspection of altering by present embodiment to guarantee that the content key of legitimacy is with this encrypted content deciphering.
(2) imbed the position of overall test value, not necessarily must specify, also can fix by specified bytes.For example, imbed, then can check altering of all data (content key, content key management information) if be fixed as 8 bytes of LSB.
(3) overall test value also not necessarily must be embedded in the additional information, also can be used as constant and is stored in the register etc.And when this constant has certain rules, also register can not established and by the realizations such as combination of arithmetic unit.In general, compare with register is set, the mode of utilizing the aggregate erection constant of arithmetic unit is favourable on circuit area.
In the explanation of above execution mode, general flowchart shown in Figure 2 also can suitably change according to the method for inspection (processing among the step ST22) of altering of the content key of each execution mode.So long as those skilled in the art are easy to according to each execution mode general flowchart shown in Figure 2 be carried out suitable change.
The present invention can be to alter at a high speed check, therefore can be applied to the confidential information processing system that is made of target device and main equipment etc.

Claims (33)

1. the generation method of data for detection of tampering, be used to detect at least 1 domain key is stored in the 1st zone and will be separately and the altering of foregoing key information in any 1 a plurality of key information that are associated of above-mentioned domain key information are stored in the target device in the 2nd zone different with above-mentioned the 1st zone
The generation method of this data for detection of tampering is characterised in that, comprising:
The step that the above-mentioned a plurality of key information that will be associated with a domain key in the encrypted url mode are encrypted;
A plurality of key information of the state after the above-mentioned encryption extract the step of the data in precalculated position;
Will be from the data step of connecting in a plurality of above-mentioned precalculated positions that above-mentioned a plurality of key information extract;
The data in a plurality of above-mentioned precalculated positions after the above-mentioned connection are carried out the step of hash computing and calculating linking hashed value;
Will the test value corresponding be stored in the step in the above-mentioned target device with the data in the above-mentioned precalculated position of plaintext state; And
Above-mentioned link hashed value is stored in step in the above-mentioned target device.
2. the generation method of data for detection of tampering according to claim 1 is characterized in that:
The foregoing key information comprises as the content key of the key that is used to reproduce content and the content key management information that is used to manage the foregoing key.
3. the generation method of data for detection of tampering according to claim 1 is characterized in that:
Above-mentioned the 1st zone is the protection zone of only accepting predetermined visit;
Above-mentioned the 2nd zone is the normal areas of accepting from user's random access;
Above-mentioned test value is stored in above-mentioned the 2nd zone, above-mentioned link hashed value is stored in above-mentioned the 1st zone.
4. the generation method of data for detection of tampering according to claim 1 is characterized in that:
The data in above-mentioned precalculated position are the data of predetermined length that are positioned at the lowest order of foregoing key information.
5. the generation method of data for detection of tampering according to claim 1 is characterized in that:
Expressly the data in the above-mentioned precalculated position of state are shared by the above-mentioned a plurality of key information that are associated with an above-mentioned domain key.
6. manipulation and detection method, detect will at least 1 the domain key information stores the 1st zone and will be separately with above-mentioned a plurality of key information in any 1 a plurality of key information that are associated of above-mentioned domain key information are stored in the target device in the 2nd zone different with above-mentioned the 1st zone in the altering an of key information
This manipulation and detection method is characterised in that, comprising:
The 1st calculation procedure is carried out the 1st computing and is calculated the check data an above-mentioned key information;
The 1st comparison step, the check that will calculate in above-mentioned the 1st calculation procedure compares with data with data and the check that is stored in advance in above-mentioned the 2nd zone;
Extraction step, do not carry out above-mentioned the 1st computing ground and extract a plurality of check data that are associated with a plurality of key information, described a plurality of key information is associated with a domain key information, and the associated domain key information of this a domain key information and an above-mentioned key information is same domain key information;
The 2nd calculation procedure is carried out the 2nd computing and calculated population check data to the above-mentioned a plurality of checks that extract with data in above-mentioned extraction step; And
The 2nd comparison step, the overall check that will in above-mentioned the 2nd calculation procedure, calculate with data and in advance with an above-mentioned domain key information be stored in accordingly above-mentioned the 1st the zone in overall check compare with data.
7. manipulation and detection method according to claim 6 is characterized in that:
Above-mentioned the 1st zone is the protection zone of only accepting predetermined visit;
Above-mentioned the 2nd zone is the normal areas of accepting from user's random access.
8. manipulation and detection method according to claim 6 is characterized in that:
With above-mentioned domain key information with the state storage after encrypting in above-mentioned the 1st zone, with the foregoing key information with the state storage after encrypting in above-mentioned the 2nd zone.
9. manipulation and detection method according to claim 8 is characterized in that:
Above-mentioned the 1st computing and above-mentioned the 2nd computing are the hash computings.
10. manipulation and detection method according to claim 8 is characterized in that:
Above-mentioned overall check is stored in above-mentioned the 1st zone with the state after encrypting in advance with data,, obtains above-mentioned overall check data with state expressly by with above-mentioned domain key decrypts information;
The above-mentioned overall check of obtained plaintext state is compared with data with overall check that aforementioned calculation goes out in above-mentioned the 2nd comparison step with data.
11. manipulation and detection method according to claim 8 is characterized in that:
The foregoing key information is encrypted in the encrypted url mode;
Above-mentioned the 1st computing is the operation of data with deciphering of foregoing key information and extraction precalculated position.
12. manipulation and detection method according to claim 6 is characterized in that:
The check that is stored in advance in above-mentioned the 2nd zone is embedded in the foregoing key information with state expressly with data.
13. manipulation and detection method according to claim 11 is characterized in that:
Can specify above-mentioned precalculated position.
14. manipulation and detection method according to claim 11 is characterized in that:
The data in above-mentioned precalculated position are the data of predetermined length that are positioned at the lowest order of foregoing key information.
15. manipulation and detection method according to claim 6 is characterized in that:
When having appended the foregoing key information, the foregoing key information that is appended is carried out above-mentioned the 1st computing and calculates and to append the check data;
Add calculate append check with data after, above-mentioned a plurality of checks are carried out above-mentioned the 2nd computing and calculated population check data with data;
The above-mentioned overall check that calculates is stored in above-mentioned the 1st zone accordingly with data and above-mentioned domain key information.
16. manipulation and detection method according to claim 6 is characterized in that:
When having deleted the foregoing key information, after the check of the foregoing key information that will be deleted is deleted with data, above-mentioned a plurality of checks are carried out above-mentioned the 2nd computing and calculated population check data with data;
The above-mentioned overall check that calculates is stored in above-mentioned the 1st zone accordingly with data and above-mentioned domain key information.
17. manipulation and detection method, detection with at least 1 the domain key information of state storage after encrypting and separately with the target device of any 1 a plurality of key information that are associated of above-mentioned domain key information in above-mentioned a plurality of key information in the altering an of key information
This manipulation and detection method is characterised in that:
In above-mentioned target device, store the overall test value of the state after encrypting in the encrypted url mode and the overall test value of state expressly in advance,
Comprise
The 1st calculation procedure is carried out the 1st computing and is calculated the check data an above-mentioned key information;
The 1st comparison step, the check that will calculate in above-mentioned the 1st calculation procedure compares with data with data and the check that is stored in the above-mentioned target device in advance;
Extraction step, extract a plurality of check data of the state after the encryption related with a plurality of key information, described a plurality of key information is associated with a domain key information, and the associated domain key information of this a domain key information and an above-mentioned key information is same domain key information;
The 2nd calculation procedure is connected a plurality of checks of the state after the above-mentioned encryption overall test value with the state after data and the above-mentioned encryption back, is decrypted and calculates the expressly overall test value of state; And
The 2nd comparison step, the overall test value of the plaintext state that will calculate in above-mentioned the 2nd calculation procedure and the above-mentioned overall test value of the plaintext state of storage in advance compare.
18. manipulation and detection method according to claim 17 is characterized in that:
The overall test value of the state after above-mentioned domain key information and the above-mentioned encryption is stored in the protection zone of only accepting predetermined visit;
Use storage in the normal areas of acceptance the overall test value of foregoing key information, above-mentioned plaintext state and a plurality of checks of the state after the above-mentioned encryption from user's visit.
19. manipulation and detection method according to claim 17 is characterized in that:
When having appended the foregoing key information, add about the foregoing key information that appended append check data after, the overall test value of a plurality of checks of the state after above-mentioned encryption state after with data and above-mentioned encryption is upgraded.
20. manipulation and detection method according to claim 17 is characterized in that:
When having deleted the foregoing key information, after the check of the foregoing key information that will be deleted is deleted with data, a plurality of checks usefulness data of the state after the above-mentioned encryption and the overall test value of the state after the above-mentioned encryption are upgraded.
21. manipulation and detection method, at least 1 domain key information of detection of stored and separately with the target device of any 1 a plurality of key information that are associated of above-mentioned domain key information in above-mentioned a plurality of key information in the altering an of key information
This manipulation and detection method is characterised in that:
With each of above-mentioned a plurality of key information with the state storage after encrypting by the encrypted url mode in above-mentioned target device,
Comprise
The 1st calculation procedure, thus the data in above-mentioned key information deciphering and extraction precalculated position are calculated test value;
The 1st comparison step, the test value that will calculate in above-mentioned the 1st calculation procedure compares with the test value that is stored in the above-mentioned target device in advance;
Extraction step, extract a plurality of test values related with a plurality of key information, described a plurality of key information is associated with a domain key information, and the associated domain key information of this a domain key information and an above-mentioned key information is same domain key information;
The 2nd calculation procedure is carried out the 2nd computing and calculated population check data to the above-mentioned a plurality of test values that extract in above-mentioned extraction step; And
The 2nd comparison step, the overall check that will calculate in above-mentioned the 2nd calculation procedure compares with data with the overall check that data and domain key information same as described above in advance are stored in above-mentioned the 1st zone accordingly.
22. manipulation and detection method according to claim 21 is characterized in that:
The test value of above-mentioned storage in advance is embedded in the foregoing key information with state expressly.
23. manipulation and detection method according to claim 21 is characterized in that:
Can specify above-mentioned precalculated position.
24. manipulation and detection method according to claim 21 is characterized in that:
Above-mentioned test value is the data of predetermined length that are positioned at the lowest order of foregoing key information.
25. manipulation and detection method according to claim 21 is characterized in that:
The above-mentioned test value of storage in advance is a constant.
26. manipulation and detection method according to claim 21 is characterized in that:
Above-mentioned the 2nd computing is the hash computing.
27. manipulation and detection method according to claim 21 is characterized in that:
The overall check of above-mentioned domain key information and above-mentioned storage is in advance only being accepted in the protection zone of predetermined visit with storage;
Foregoing key information and the above-mentioned test value of storage in advance are stored in the normal areas of acceptance from user's visit.
28. manipulation and detection method according to claim 27 is characterized in that:
With the overall check of above-mentioned domain key information and above-mentioned storage in advance with data with the state storage after encrypting in above-mentioned protection zone;
With the foregoing key information with above-mentioned in advance the storage test value be connected and with the state storage after encrypting by the encrypted url mode in above-mentioned normal areas.
29. manipulation and detection method according to claim 28 is characterized in that:
When having appended the foregoing key information; behind the test value that the foregoing key information that has appended and appended is associated; above-mentioned a plurality of test values are carried out the hash computing, and resulting hashed value is stored in the above-mentioned protection zone with data and above-mentioned domain key information accordingly as above-mentioned overall check.
30. manipulation and detection method according to claim 28 is characterized in that:
When having deleted the foregoing key information, after the test value deletion of the foregoing key information that will be deleted, above-mentioned a plurality of test values are carried out the hash computing, and resulting hashed value is stored in above-mentioned the 1st zone with data and above-mentioned domain key information accordingly as above-mentioned overall check.
31. alter checkout gear for one kind, detect will at least 1 the domain key information stores the 1st zone and will be separately with above-mentioned a plurality of key information in any 1 a plurality of key information that are associated of above-mentioned domain key information are stored in the target device in the 2nd zone different with above-mentioned the 1st zone in the altering an of key information
This is altered checkout gear and is characterised in that, comprising:
The 1st calculation element carries out the 1st computing and calculates the check data an above-mentioned key information;
The 1st comparison means will be compared with data with data and the check that is stored in advance in above-mentioned the 2nd zone by the check that above-mentioned the 1st calculation element calculates;
Draw-out device, do not carry out above-mentioned the 1st computing ground and extract a plurality of check data related with a plurality of key information, described a plurality of key information is associated with a domain key information, and the associated domain key information of this a domain key information and an above-mentioned key information is same domain key information;
The 2nd calculation element carries out the 2nd computing and calculated population check data to the above-mentioned a plurality of checks that extracted by above-mentioned draw-out device with data; And
The 2nd comparison means, the overall check that will be calculated by above-mentioned the 2nd calculation element compares with data with data and the overall check that is stored in accordingly in above-mentioned the 1st zone with an above-mentioned domain key information in advance.
32. alter checkout gear for one kind, detection with at least 1 the domain key information of state storage after encrypting and separately with the target device of any 1 a plurality of key information that are associated of above-mentioned domain key information in above-mentioned a plurality of key information in the altering an of key information
This is altered checkout gear and is characterised in that:
In above-mentioned target device, store the overall test value of the state after encrypting in the encrypted url mode and the overall test value of state expressly in advance,
Comprise
The 1st calculation element carries out the 1st computing and calculates the check data an above-mentioned key information;
The 1st comparison means will be compared with data with data and the check that is stored in the above-mentioned target device in advance by the check that above-mentioned the 1st calculation element calculates;
Draw-out device, extract a plurality of check data of the state after the encryption related with a plurality of key information, described a plurality of key information is associated with a domain key information, and the associated domain key information of this a domain key information and an above-mentioned key information is same domain key information;
The 2nd calculation element after a plurality of checks of the state after the above-mentioned encryption are connected with the overall test value of the state after data and the above-mentioned encryption, is decrypted and calculates the overall test value of plaintext state; And
The 2nd comparison means, the overall test value of the plaintext state that will be calculated by above-mentioned the 2nd calculation element and the above-mentioned overall test value of the plaintext state of storage in advance compare.
33. alter checkout gear for one kind, the altering an of key information in the above-mentioned a plurality of key information in the target device of at least 1 domain key information of detection of stored and a plurality of key information of being associated with any 1 above-mentioned domain key information separately,
This is altered checkout gear and is characterised in that:
With each of above-mentioned a plurality of key information with the state storage after encrypting by the encrypted url mode in above-mentioned target device,
Comprise
The 1st calculation element, thus the data in above-mentioned key information deciphering and extraction precalculated position are calculated test value;
The 1st comparison means will be compared by above-mentioned the 1st calculation element test value that calculates and the test value that is stored in the above-mentioned target device in advance;
Draw-out device, extract a plurality of test values related with a plurality of key information, described a plurality of key information is associated with a domain key information, and the associated domain key information of this a domain key information and an above-mentioned key information is same domain key information;
The 2nd calculation element carries out the 2nd computing and calculated population check data to the above-mentioned a plurality of test values that extracted by above-mentioned draw-out device; And
The 2nd comparison means will be compared with data with the overall check that data and domain key information same as described above in advance are stored in above-mentioned the 1st zone accordingly by the overall check that above-mentioned the 2nd calculation element calculates.
CNB2005101233512A 2004-12-16 2005-11-23 Generation method, manipulation and detection method and the device of data for detection of tampering Expired - Fee Related CN100571135C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP363891/2004 2004-12-16
JP2004363891 2004-12-16
JP185686/2005 2005-06-24

Publications (2)

Publication Number Publication Date
CN1790986A CN1790986A (en) 2006-06-21
CN100571135C true CN100571135C (en) 2009-12-16

Family

ID=36788518

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005101233512A Expired - Fee Related CN100571135C (en) 2004-12-16 2005-11-23 Generation method, manipulation and detection method and the device of data for detection of tampering

Country Status (1)

Country Link
CN (1) CN100571135C (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012249035A (en) * 2011-05-27 2012-12-13 Sony Corp Information processor, information processing method and program

Also Published As

Publication number Publication date
CN1790986A (en) 2006-06-21

Similar Documents

Publication Publication Date Title
TWI384830B (en) Method for generating data for detection of tampering, and method and apparatus for detection of tampering
US8918633B2 (en) Information processing device, information processing system, and program
US7802112B2 (en) Information processing apparatus with security module
KR100236697B1 (en) Software copying system
KR100753932B1 (en) contents encryption method, system and method for providing contents through network using the encryption method
US20070143632A1 (en) File management apparatus
JP4606421B2 (en) Key information generation method and apparatus, key information update method, falsification detection method and apparatus, and data structure of key information
US20050102527A1 (en) Digital content protection system
US8032941B2 (en) Method and apparatus for searching for rights objects stored in portable storage device object identifier
JP2010517448A (en) Secure file encryption
JP2002281019A (en) Portable information storage medium and method for authenticating the same
JP4047573B2 (en) Electronic information management apparatus and program
JP3597704B2 (en) IC card and recording medium
KR100910075B1 (en) A data processing apparatus, a method and a recording medium having computer program recorded thereon for processing data
JP2007108833A (en) Device for storing a plurality of passwords and password management method
JP2009080772A (en) Software starting system, software starting method and software starting program
JP4918133B2 (en) Data storage method, client device, data storage system, and program
CN100571135C (en) Generation method, manipulation and detection method and the device of data for detection of tampering
JP2004140715A (en) System and method for managing electronic document
JP4385261B2 (en) Terminal authentication, terminal change method, operation terminal, authentication server, and authentication program
JP2005063399A (en) File/key/data management system
JP4864456B2 (en) Data generation method for falsification detection
US20100058074A1 (en) Right information encryption module, nonvolatile memory device, right information recording system, right information decryption module, right information reading system, and right information recording/reading system
JP3536882B2 (en) IC card authentication system and authentication method
JP4583428B2 (en) Management server device and program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200527

Address after: 617-8520, shizushao, Nagaoka, Kyoto, Japan

Patentee after: Panasonic semiconductor solutions Co., Ltd

Address before: Osaka Japan

Patentee before: Panasonic Corp.

TR01 Transfer of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20091216

Termination date: 20201123

CF01 Termination of patent right due to non-payment of annual fee